Complying With HIPAA, Privacy Laws, and Exceptions During a Public Health Crisis

Ms. Metnick is a partner in the Corporate Practice Group in the firm's Chicago office and a member of the Healthcare and Privacy & Cybersecurity Teams. She represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. Ms. Metnick advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. She is the founder and leader of Sheppard Mullin Healthy AI, which is an initiative focused on legal issues relates to the use of AI in healthcare. Ms. Metnick counsels healthcare clients on issues relating to AI, including governance, contractual matters, and data related issues. She advises clients on a range of privacy and security laws, including HIPAA and other federal and state privacy laws. Ms. Metnick also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. She is a Certified Information Privacy Professional/United States (CIPP/ US) and a Certified Information Privacy Professional/Europe (CIPP/E).

Mr. Shah advises clients on privacy, cybersecurity, and data protection laws and regulations, as well as healthcare fraud and abuse matters and government investigations relating to health information technology. He counsels clients on digital health and data asset management strategies and related compliance issues. Mr. Shah’s work focuses on defense and counseling of healthcare entities on legal and regulatory compliance issues around privacy, cybersecurity, and data asset management. He has extensive experience with legal issues related to health information technology, big data analytics, and digital health strategies. He provides compliance counseling, establishes and evaluates compliance programs, conducts privacy and security risk assessments, establishes compliant contracting strategies to build trust networks, and responds to data breaches. Mr. Shah is a Certified CSF Practitioner, a designation given by the Health Information Trust Alliance, an organization that provides training to develop and maintain effective security programs for healthcare and life sciences companies that comply with security laws, regulations, and standards, including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements. He is also recognized by the Healthcare Information and Management Systems Society as a Certified Professional in Healthcare Information and Management Systems (CPHIMS). Mr. Shah is also recognized by the International Association of Privacy Professionals as a Certified Information Privacy Professional in the United States.